On 08/12/2016 17:05, Martin Basti wrote:
I suggest keeping the DNS tree and all permissions there; just remove all zones using the IPA API and disable the DNS service and the dnssyncd service in LDAP, because removing DNS completely is unsupported and untested.

dn: cn=DNS,cn=vm-028.ipa.test,cn=masters,cn=ipa,cn=etc,$SUFFIX
objectClass: ipaConfigObject
objectClass: nsContainer
objectClass: top
ipaConfigString: startOrder 30
ipaConfigString: enabledService <--- remove this
cn: DNS


dn: cn=DNSKeySync,cn=vm-028.ipa.test,cn=masters,cn=ipa,cn=etc,$SUFFIX
objectClass: nsContainer
objectClass: top
ipaConfigString: dnssecVersion 1
ipaConfigString: startOrder 110
ipaConfigString: enabledService <---- remove this
cn: DNSKeySync

It will keep the ipa dns* commands working, but without any effect.


That did the job - nothing listening on port 53 now. Thank you!

Regards,

Brian.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
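
Added example, not part of the original thread: a small shell function that emits the LDIF modify operations for the change described above, deleting only the `enabledService` value of `ipaConfigString` from the DNS and DNSKeySync entries and leaving the entries and their other values in place. The function name, the `dc=ipa,dc=test` suffix and the commands shown in the comments are assumptions; both entries are assumed to live under `cn=masters,cn=ipa,cn=etc,$SUFFIX`.

```shell
#!/bin/sh
# Added example (not from the thread). gen_disable_dns_ldif is a hypothetical helper.
# Usage: gen_disable_dns_ldif <master-fqdn> <directory-suffix>
gen_disable_dns_ldif() {
    host=$1
    suffix=$2

    # Refuse anything that is not a plain host name, so a stray comma or
    # newline cannot change which DN the modify operation targets.
    case $host in
        ''|*[!A-Za-z0-9.-]*)
            echo "invalid master host name" >&2
            return 1
            ;;
    esac
    if [ -z "$suffix" ]; then
        echo "missing directory suffix" >&2
        return 1
    fi

    for svc in DNS DNSKeySync; do
        printf 'dn: cn=%s,cn=%s,cn=masters,cn=ipa,cn=etc,%s\n' "$svc" "$host" "$suffix"
        printf 'changetype: modify\n'
        # Naming the value removes only "enabledService"; startOrder and
        # dnssecVersion stay on the entry.
        printf 'delete: ipaConfigString\n'
        printf 'ipaConfigString: enabledService\n'
        printf '\n'
    done
}

# Constructed sample input: host name from the thread, placeholder suffix.
gen_disable_dns_ldif vm-028.ipa.test 'dc=ipa,dc=test'

# After reviewing the output, one way to apply and verify it (assumed commands):
#   gen_disable_dns_ldif vm-028.ipa.test 'dc=ipa,dc=test' \
#       | ldapmodify -x -D "cn=Directory Manager" -W
#   ipactl restart
#   ss -lntu | grep ':53 '     # expect no output: nothing listening on port 53
```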
